Microsoft on Tuesday asked the Obama administration to allow it to reveal details about how it responds to orders from the U.S. government for user account data.
Brad Smith, Microsoft's general counsel, sent a strongly worded letter to Attorney General Eric Holder this afternoon saying there is "no longer a compelling government interest" in preventing companies "from sharing more information" about how they respond. That's especially true, the letter said, when this information is likely to help "allay public concerns" about warrantless surveillance.
The letter appears to be a response to a report last Thursday in the Guardian, based on internal National Security Agency documents provided by Edward Snowden, that said the government can intercept Skype calls and encrypted Outlook.com messages. That's a change from 2008, when the then-eBay-owned Skype told CNET it "would not be able to comply" with a wiretapping court order.
"The Constitution itself is suffering" from ongoing secrecy, Smith said in his letter to Holder, adding that "it will take the personal involvement of you or the President to set things right." Last week, according to Smith, Microsoft requested permission to divulge more information in an effort to clear its name, but the Justice Department "rejected" the request.
Microsoft said in a separate blog post by Smith today: "We do not provide any government with the ability to break the [Outlook.com] encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency."
Under U.S. law and similar laws in other countries, companies can be compelled to turn over confidential user data in some circumstances. In the United States, those demands arise through court orders that the FBI and other law enforcement agencies obtain for criminal investigations, as well as through Foreign Intelligence Surveillance Act (FISA) orders issued in a separate process for terrorist and counterespionage investigations. (PRISM is an NSA software utility used to collate data gathered through FISA orders.)
Microsoft's blog post also said, referring to Skype calls, that "we will not provide governments with direct or unfettered access to customer data or encryption keys." The company said it responds only to orders for "specific accounts and identifiers" and never provides "blanket or indiscriminate access to Microsoft's customer data" -- a challenge to some claims of direct access to servers. It also said that changes it made to Skype in 2012 to shift to in-house hosting of super nodes, which may have allowed the service to become wiretap-compliant, were done for technical reasons, not to facilitate surveillance.
CNET reported last Friday that the U.S. government has threatened Internet companies with installing surveillance devices on their networks if they do not help with surveillance requests.
The article disclosed that Microsoft had created a wiretap compliance system to respond to legal orders for surveillance directed at Hotmail accounts -- a process that prevented government surveillance devices from being installed. The government has previously installed surveillance devices on networks owned by Verizon Business and EarthLink.
Microsoft has asked the Foreign Intelligence Surveillance Court for permission to disclose "aggregate statistics" regarding the number of FISA orders it receives, including orders feeding into PRISM. That request (PDF) was filed on June 19. The Justice Department has been delaying the proceedings, initially saying it would respond by July 9 and then asking (PDF) for a deadline extension to July 23.
Last updated at 12:50 p.m. PT